Hackers Use Blackmail to Force YouTubers into Spreading Crypto-Mining Malware
Cybercriminals are employing blackmail tactics against YouTubers to distribute crypto-mining malware, according to Kaspersky. They exploit YouTube's copyright strike system to coerce content creators into sharing malicious links in video descriptions, directing viewers to download infected files.
The campaign utilizes a Trojan named SilentCryptoMiner, which covertly mines cryptocurrencies including Ethereum, Ethereum Classic, Monero, and Ravencoin. This software hijacks devices for crypto-mining while concealing its operations.
Kaspersky's research indicates that hackers manipulate the trust between YouTubers and their audiences. They disguise malware as tools to bypass online restrictions, deceiving influencers into sharing them. A YouTuber with 60,000 subscribers unintentionally spread the malware, believing it was legitimate, before deleting the link and issuing a warning.
Hackers escalate their tactics by falsely alleging copyright violations against YouTubers who refuse to share malware links, threatening channel takedowns. Many influencers comply due to fears of losing their platforms.
In the past six months, Kaspersky has identified over 2.4 million instances of cybercriminals manipulating network traffic through Windows Packet Divert drivers, disguising harmful programs as useful software to evade security measures and maintain access to infected computers.
Experts warn these tactics may extend to platforms like Telegram, where influencers engage with followers. Users are advised to refrain from downloading software from unverified sources.
Kaspersky also reported a data-stealing Trojan called SparkCat, active on the App Store and Google Play since March 2024, which uses machine learning to extract sensitive information from users' devices.
In response to these threats, Arkham launched the "Key Opinion Leader (KOL) Label", tracking cryptocurrency wallets of influencers with over 100,000 followers on X. This feature helps investors discern whether influencers genuinely endorse tokens or are promoting paid advertisements.
Experts emphasize caution online, recommending users avoid unverified downloads and critically evaluate influencer promotions amid evolving cybersecurity risks.